This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Failed to bind to directory with bind information: Handshake err

SA-45483

Summary



While upgrading the LDAP server to use SSL, the user gets errors when trying to connect to Pega.


Error Messages



PegaRULES log:

Failed to bind to directory using bind information. Is the distinguished name similar to "cn=Admin"? javax.naming.CommunicationException: simple bind failed: ab-ldap-cd.efgh.ijk.lm:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
...


Server debug log:

[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, READ: SSLv3 Alert, length = 2
[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, RECV TLSv1 ALERT: fatal, handshake_failure
[6/09/17 11:29:47:889 EST] 00000236 SystemOut O WebContainer : 1, called closeSocket()
[6/09/17 11:29:47:889 EST] 00000236 SystemOut O WebContainer : 1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[6/09/17 11:29:47:891 EST] 000000af SystemOut O 2017-09-06 11:29:47,891 [ WebContainer : 1] [TABTHREAD1] [ ] [ PegaRULES:07.10] (.Data_Admin_AuthService.Action) ERROR xx-xx-pega01|123.12.xxx [email protected] - Data-Admin-AuthService WebLDAP1: Failed to create directory context anonymously. Anonymous bind may not be supported. CONTINUING TEST... javax.naming.CommunicationException: anonymous bind failed: ab-abcd-ef.ghij.klm.no:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
[6/09/17 11:29:47:892 EST] 00000236 SystemOut O adding as trusted cert:
...

Steps to Reproduce



Navigate to Record > SysAdmin > Create > SysAdmin > Authentication Services.


Root Cause



A defect in Pegasystems’ code or rules:

The user gets an SSLHandshakeException when connecting to the LDAP directory server from the Pega client because the client is not able to downgrade or upgrade the SSL protocol version.
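One way to triage the server debug log above, added here as an example and not part of Pega's article or product code: it pulls out each TLS alert the JVM received, the protocol version printed with it, and the endpoint from the bind failure logged next, then flags versions below TLSv1.2, the value the resolution in this article sets. Assumptions: the function and field names are hypothetical, the version in the RECV line is read as the version the client side was using when the alert arrived, and the first bind failure logged after an alert is taken to belong to it.

```python
import re

# Sample input: lines from the server debug log quoted in this article
# (the last line is abridged; "..." marks the cut).
SAMPLE_LOG = """\
[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, READ: SSLv3 Alert, length = 2
[6/09/17 11:29:47:888 EST] 00000236 SystemOut O WebContainer : 1, RECV TLSv1 ALERT: fatal, handshake_failure
[6/09/17 11:29:47:889 EST] 00000236 SystemOut O WebContainer : 1, called closeSocket()
[6/09/17 11:29:47:891 EST] 000000af SystemOut O ... javax.naming.CommunicationException: anonymous bind failed: ab-abcd-ef.ghij.klm.no:636 [Root exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]
"""

# Protocol names as JSSE prints them, oldest first.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
ALERT_RE = re.compile(r"RECV (?P<proto>\S+) ALERT:\s*(?P<level>\w+),\s*(?P<desc>\w+)")
BIND_RE = re.compile(
    r"CommunicationException: (?P<kind>\w+) bind failed: (?P<host>[\w.-]+):(?P<port>\d+)"
)


def triage(log_text, minimum="TLSv1.2"):
    """Return one finding per TLS alert received, tied to the next failed bind."""
    lines = log_text.splitlines()
    binds = [(i, m) for i, line in enumerate(lines) if (m := BIND_RE.search(line))]
    findings = []
    for i, line in enumerate(lines):
        alert = ALERT_RE.search(line)
        if not alert:
            continue
        # Assumption: the first bind failure logged after the alert belongs to it.
        endpoint = next((f"{m['host']}:{m['port']}" for j, m in binds if j > i), None)
        proto = alert["proto"]
        findings.append({
            "protocol": proto,
            "level": alert["level"],
            "alert": alert["desc"],
            "endpoint": endpoint,
            # Unknown protocol names are reported but not classified as legacy.
            "below_minimum": proto in ORDER and ORDER.index(proto) < ORDER.index(minimum),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with below_minimum set to True on a handshake_failure alert is consistent with the protocol-version mismatch described in this article.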

Resolution



Perform the following local change:

1. Override the pySSLProtocol value by hardcoding it to "TLSv1.2"
(Or)
Read the protocol version from the RASS setting with @getRuleSystemSetting("Pega-IntegrationArchitect", "pyLowestAllowableTLSVersion") in the pyDefault Data Transform of the ‘Data-Admin-AuthService’ class, as it is available.

2. Create a new Authentication Service rule and test connectivity.

Published March 8, 2018 - Updated October 8, 2020
